Damn Data: Security Analytics & Big Data

Published on April 13, 2016

There, I did it: I finally wrote a security blog with a reference to Internet sensation Damn Daniel. While I’m under no illusions that this blog will have the love/hate, viral impact of Daniel and his white Vans, there seems to be a love/hate relationship between organizations and their data. And that relationship is being tested like never before with the ever-growing adoption of big data.

I recently embarked on a one-week, five-state tour to visit our customers. While I don’t advise a schedule like that, it really paid off. I had the good fortune to speak with a number of security leaders across various industry verticals including pharmaceuticals, healthcare payers, civilian and defense government agencies, critical infrastructure and technology. All of them were talking about their “damn data.”

It isn’t that they don’t have enough data or that it isn’t stored in an easy-to-access format. In fact, batch and real-time data collection, storage and management seem to be solved issues. Most of these organizations have been engineering their big data solutions for at least a couple of years, so those variables have become as ordinary as getting email to work on your mobile device.

Cloudera, for example, came up in many conversations. Many of our customers see Cloudera as the most efficient path to “time to value” and the most comprehensive solution when leveraging Hadoop as a data platform.

The “damn” really comes when security leaders are interested in running security analytics on big data lakes in a way that is at least on par with the performance and capabilities that can be realized by more traditional SQL or similar backend solutions, even though the data is likely to be much more voluminous.

In February of 2016, Securonix and Cloudera announced a partnership to solve this problem with a solution that integrates the power of Securonix security analytics with the speed, scale and storage of Hadoop in a single, out-of-the-box solution. The result is SNYPR: a powerful security analytics solution that is purpose-built for big data organizations. SNYPR is predicated on the same value points as the original Securonix security analytics platform:

Reduced threat identification and remediation time

Improved ROI on existing security controls

Reduced level of effort with fewer FTE requirements

Business optimization across time to value, total cost of ownership and level of effort

During our customer visits, we identified many of the capabilities security leaders in the trenches find useful:

Cost-effective data fault tolerance and longer-term storage

Analytics with intuitive user operation and visualizations including summaries and timelines to reduce analysis cycles

Advanced search capabilities that are fast: in fact, testing has shown that a query across 8.5 billion events can return 250,000 results in half a second

Natural language search support, so analysts do not have to learn yet another database query language, which increases usability

Content enrichment and the inclusion of both raw (original) data and enriched data for context maximization

Parallelized, distributed processing and multiple subscriber support for scale and extensibility

The bottom line that customers are finding is that by integrating the original security analytics power of Securonix atop the enhanced capabilities afforded by Hadoop, big data lakes can be mined to make a huge difference in improving security by performing analysis on more data.
